home

cheano_drv.sys

杭州易玩科技有限公司

It runs as a Windows kernel mode device driver named “cheano_drv”.
Publisher:
杭州易玩科技有限公司  (signed and verified)

MD5:
3d9fca92f5a82c4fd071412e4b4c00a7

SHA-1:
2fc33fc9369dfb2a055ff539b90e5270c3111c75

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 3:21:17 PM UTC  (today)

File size:
936.8 KB (959,240 bytes)

File type:
Driver (Win32 SYS)

Digital Signature
Signed by:
杭州易玩科技有限公司

Authority:
WoSign CA Limited

Valid from:
9/7/2015 3:24:07 PM

Valid to:
10/7/2016 3:24:07 PM

Subject:
CN=杭州易玩科技有限公司, O=杭州易玩科技有限公司, L=杭州市, S=浙江省, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
26CB70EAC883EBCE87324664917272C5

File PE Metadata
Compilation timestamp:
4/24/2016 12:13:37 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
24576:j09Od2SInnGPR2Zv5pcanlrm0k0ngiE4k+cELF4aX:gR3nE2N5pcanzciYELF4g

Entry address:
0x1EC804

Entry point:
EB, 08, BD, 0C, 02, 00, 00, 00, 00, 00, E9, 5D, E6, F3, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9506  (probably packed)

Code size:
926.5 KB (948,736 bytes)

Driver
Display name:
cheano_drv

Type:
Kernel device driver (KernelDriver)


Scan cheano_drv.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.